Possible infection, had hosts file hijacked recently

My computer had it's hosts file hijacked recently. I managed to remove what had been added and locked it down with Spybots list.

Since then my computer is randomly loosing it's internet connection- it's almost like the network card becomes disabled. It always shows up as numerous Perfdisk errors in Event Viewer around when it happens eg:
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm also getting errors like these in Event Viewer:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


It's also hanging sometimes when I shut the computer down...it starts shutting down then gets stuck on blue screen and just stays there. Have scanned with Malware Bytes, Vipre, Spybot etc but I'm just not sure if this is a virus or some hardware issue with the network card

Machine is running on XP

Edited by enolcis, 21 August 2010 - 08:09 AM.

Ok have waited over a month on this, I still need help I think I am infected - should i post in the other forum or is someone still going to help me via this thread.

Did MBAM ever find anything that would give us a clue as to what we dealing with? if it is an infection and not a driver hardware issue?

http://www.bleepingcomputer.com/forums/topic323892.html

Would you publish a snapshot with speccy?

MBAM did find a few things in old installers/zips but these have been quarrantined etc, it's not showing anything as being actively wrong. Computer is still behaving weirdly and performing quite slowly- seems like the system C: is almost constantly reading even when there's nothing much going on with the computer. It's never been as slow as this before...

http://speccy.piriform.com/results/ZEIM3A9KLYvwKL3BsqEx79z

Could you get me a list of running processes?


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 96.21 0 K 28 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0.76 0 K 256 K
smss.exe 1084 192 K 936 K Windows NT Session Manager Microsoft Corporation
csrss.exe 1208 1,828 K 8,140 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 1240 8,876 K 40,928 K Windows NT Logon Application Microsoft Corporation
services.exe 1284 0.76 1,976 K 8,580 K Services and Controller app Microsoft Corporation
nvsvc32.exe 1468 4,304 K 24,144 K NVIDIA Driver Helper Service, Version 258.96 NVIDIA Corporation
svchost.exe 1528 3,192 K 30,132 K Generic Host Process for Win32 Services Microsoft Corporation
unsecapp.exe 2380 2,280 K 26,860 K WMI Microsoft Corporation
wmiprvse.exe 2456 2,236 K 30,448 K WMI Microsoft Corporation
svchost.exe 1592 2,060 K 29,980 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1756 19,864 K 72,236 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1808 2,420 K 22,832 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1988 8,624 K 29,164 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 488 3,620 K 34,220 K Generic Host Process for Win32 Services Microsoft Corporation
AAWService.exe 588 55,324 K 61,980 K Ad-Aware Service Application Lavasoft
spoolsv.exe 708 3,380 K 31,768 K Spooler SubSystem App Microsoft Corporation
CTAudSvc.exe 760 924 K 19,336 K Creative Audio Service Creative Technology Ltd
svchost.exe 824 1,432 K 28,204 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 860 2,072 K 11,248 K Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 872 1,280 K 20,984 K Bonjour Service Apple Inc.
jqs.exe 1216 9,740 K 1,384 K Java™ Quick Starter Service Sun Microsystems, Inc.
LVPrcSrv.exe 1404 904 K 16,556 K Logitech LVPrcSrv Module. Logitech Inc.
SBAMSvc.exe 1648 0.76 51,332 K 26,940 K Sunbelt Software Anti Malware Service Sunbelt Software
SBPIMSvc.exe 1980 3,552 K 384 K Plug-in Manager Service Sunbelt Software
schedul2.exe 2016 812 K 17,704 K Seagate Scheduler 2 Seagate
svchost.exe 352 2,784 K 30,036 K Generic Host Process for Win32 Services Microsoft Corporation
searchindexer.exe 456 19,332 K 41,052 K Microsoft Windows Search Indexer Microsoft Corporation
wmiapsrv.exe 2376 1,980 K 27,628 K WMI Performance Adapter Service Microsoft Corporation
alg.exe 2508 1,236 K 25,604 K Application Layer Gateway Service Microsoft Corporation
iPodService.exe 3032 2,484 K 15,764 K iPodService Module (32-bit) Apple Inc.
lsass.exe 1296 4,016 K 1,528 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 3688 35,224 K 85,064 K Windows Explorer Microsoft Corporation
CTSysVol.exe 1200 3,036 K 23,404 K CTSysVol.exe Creative Technology Ltd
DiscWizardMonitor.exe 980 3,284 K 20,344 K Seagate DiscWizard Monitor Seagate
TimounterMonitor.exe 2532 8,100 K 28,532 K Monitor for Acronis True Image Backup Archive Explorer Acronis
schedhlp.exe 2708 720 K 17,932 K Seagate Scheduler Helper Seagate
iTunesHelper.exe 1768 9,468 K 68,392 K iTunesHelper Apple Inc.
CtHelper.exe 2416 3,932 K 15,956 K CtHelper Application Creative Technology Ltd
jusched.exe 2032 908 K 21,860 K Java™ Update Scheduler Sun Microsystems, Inc.
SBAMTray.exe 3132 1,648 K 3,108 K SBAMTray Application Sunbelt Software
rundll32.exe 3200 3,864 K 24,412 K Run a DLL as an App Microsoft Corporation
LogitechDesktopMessenger.exe 672 4,708 K 2,676 K Logitech Desktop Messenger Logitech Inc.
TBPANEL.exe 3000 3,476 K 38,540 K Vtune : Display Control Panel
ctfmon.exe 3512 1,008 K 21,264 K CTF Loader Microsoft Corporation
Monitor.exe 368 4,532 K 26,320 K
WindowsSearch.exe 1752 7,252 K 53,476 K Windows Search System Tray Microsoft Corporation
trillian.exe 1044 31,012 K 46,960 K Trillian Cerulean Studios
firefox.exe 2824 147,944 K 164,048 K Firefox Mozilla Corporation
plugin-container.exe 3504 21,536 K 25,344 K Plugin Container for Firefox Mozilla Corporation
googletalkplugin.exe 2356 10,744 K 11,592 K Google Talk Plugin Google
chrome.exe 3144 22,588 K 12,140 K Google Chrome Google Inc.
chrome.exe 1852 30,824 K 39,552 K Google Chrome Google Inc.
chrome.exe 3420 3,224 K 8,072 K Google Chrome Google Inc.
chrome.exe 1152 11,492 K 17,524 K Google Chrome Google Inc.
chrome.exe 4072 3,136 K 7,892 K Google Chrome Google Inc.
procexp.exe 3148 1.52 13,708 K 22,500 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

chrome.exe 3144 22,588 K 12,140 K Google Chrome Google Inc.
chrome.exe 1852 30,824 K 39,552 K Google Chrome Google Inc.
chrome.exe 3420 3,224 K 8,072 K Google Chrome Google Inc.
chrome.exe 1152 11,492 K 17,524 K Google Chrome Google Inc.
chrome.exe 4072 3,136 K 7,892 K Google Chrome Google Inc.

Try testing with fewer processes running, keep a minimum open in the tray, you have way too much loaded to troubleshoot?

If you can't solve the problem with turning off or removing apps that load at startup then we need to dig deeper, ytou have plenty of resources, ram and hard drive space.

http://www.bleepingcomputer.com/forums/topic44690.html

http://www.malwareremoval.com/tutorials/runningslowly.php

If this doesn't help then

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Here's a new process log. Going to go through your other suggestions now, many thanks.


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 96.92 0 K 28 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0.77 0 K 244 K
smss.exe 1084 192 K 432 K Windows NT Session Manager Microsoft Corporation
csrss.exe 1204 1,876 K 4,300 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 1236 7,392 K 5,820 K Windows NT Logon Application Microsoft Corporation
services.exe 1280 0.77 1,952 K 4,212 K Services and Controller app Microsoft Corporation
nvsvc32.exe 1476 4,208 K 5,892 K NVIDIA Driver Helper Service, Version 258.96 NVIDIA Corporation
svchost.exe 1528 3,196 K 5,212 K Generic Host Process for Win32 Services Microsoft Corporation
unsecapp.exe 3992 2,296 K 4,052 K WMI Microsoft Corporation
wmiprvse.exe 1052 2,608 K 6,272 K WMI Microsoft Corporation
svchost.exe 1604 2,060 K 4,792 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1768 16,032 K 25,264 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1820 2,416 K 3,496 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2000 8,312 K 10,632 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 476 1,676 K 4,256 K Generic Host Process for Win32 Services Microsoft Corporation
AAWService.exe 576 50,876 K 24,748 K Ad-Aware Service Application Lavasoft
AAWTray.exe 2568 936 K 916 K Ad-Aware Tray Application Lavasoft
spoolsv.exe 692 3,472 K 5,368 K Spooler SubSystem App Microsoft Corporation
CTAudSvc.exe 760 924 K 2,980 K Creative Audio Service Creative Technology Ltd
svchost.exe 1136 1,412 K 3,868 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 1448 4,984 K 7,480 K Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 1292 1,280 K 3,920 K Bonjour Service Apple Inc.
jqs.exe 1988 10,576 K 1,464 K Java™ Quick Starter Service Sun Microsystems, Inc.
LVPrcSrv.exe 360 860 K 2,496 K Logitech LVPrcSrv Module. Logitech Inc.
SBAMSvc.exe 528 117,996 K 103,520 K Sunbelt Software Anti Malware Service Sunbelt Software
SBAMTray.exe 3728 1,544 K 5,736 K SBAMTray Application Sunbelt Software
SBPIMSvc.exe 920 3,552 K 460 K Plug-in Manager Service Sunbelt Software
schedul2.exe 1484 816 K 2,724 K Seagate Scheduler 2 Seagate
svchost.exe 1652 2,716 K 4,596 K Generic Host Process for Win32 Services Microsoft Corporation
searchindexer.exe 1928 24,316 K 13,640 K Microsoft Windows Search Indexer Microsoft Corporation
wmiapsrv.exe 3888 1,984 K 4,712 K WMI Performance Adapter Service Microsoft Corporation
iPodService.exe 2484 2,468 K 4,556 K iPodService Module (32-bit) Apple Inc.
alg.exe 2676 1,152 K 3,340 K Application Layer Gateway Service Microsoft Corporation
lsass.exe 1300 4,004 K 1,880 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1044 31,228 K 38,184 K Windows Explorer Microsoft Corporation
CTSysVol.exe 2712 2,968 K 5,204 K CTSysVol.exe Creative Technology Ltd
DiscWizardMonitor.exe 2748 1,424 K 2,692 K Seagate DiscWizard Monitor Seagate
TimounterMonitor.exe 2772 6,432 K 10,512 K Monitor for Acronis True Image Backup Archive Explorer Acronis
schedhlp.exe 2784 728 K 2,740 K Seagate Scheduler Helper Seagate
iTunesHelper.exe 2888 9,444 K 14,768 K iTunesHelper Apple Inc.
CtHelper.exe 2924 2,408 K 4,656 K CtHelper Application Creative Technology Ltd
jusched.exe 2976 916 K 3,008 K Java™ Update Scheduler Sun Microsystems, Inc.
rundll32.exe 3108 3,872 K 5,144 K Run a DLL as an App Microsoft Corporation
LogitechDesktopMessenger.exe 3172 4,732 K 2,028 K Logitech Desktop Messenger Logitech Inc.
TBPANEL.exe 3192 3,484 K 8,936 K Vtune : Display Control Panel
ctfmon.exe 3224 1,008 K 3,772 K CTF Loader Microsoft Corporation
Monitor.exe 3344 0.77 4,536 K 9,108 K
WindowsSearch.exe 3360 7,236 K 11,820 K Windows Search System Tray Microsoft Corporation
firefox.exe 3216 103,452 K 118,608 K Firefox Mozilla Corporation
plugin-container.exe 2664 13,004 K 16,876 K Plugin Container for Firefox Mozilla Corporation
procexp.exe 4088 0.77 12,336 K 19,864 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Monitor.exe 3344 0.77 4,536 K 9,108 K

Do a search for this file on your computer and try to identify it?

C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe

Try to eliminate any duplicate functions in processes running, those are the most likely to cause conflicts and windows errors.

I've run every virus scan I have in Safe Mode, everythings clean. Will go through some of those other links you sent.

Had numerous bsods over the past few days, had one message saying an error had been found during a paging operation- so I have moved the page file to another drive.

The crashes have nearly all happened when I've gone Start menu to open up a program?? Seems a bit weird....the menu kinda stalls and doesnt open properly then after ten secs or so I get a bsod. These crashes also are still also coinciding with Perfnet errors in Event Viewer:

Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.


TCP/IP has reached the security limit imposed on the number of connections.


Really need to figure out what's going on here, need the computer for serious work

What are the exact errors from Event Viewer?

You can get there by going to Administrative Tools via Control Panel.

Thats where I copied those errors pasted above from?

Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

That's the error from right when it crashed